

    Hello, a strange directory named Thinstall has appeared in Application Data. Malwarebytes' Anti-Malware detects these items in it:

    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32INFO.EXE (Trojan.Backdoor) -> Quarantined and deleted successfully.

    Files Infected:

    c:\documents and settings\romeo ninov\local settings\application data\thinstall\Cache\Stubs\c3ffec96e1a543c4a1694c0353eaafaf6ed697a\acrord32info.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

    c:\documents and settings\romeo ninov\application data\thinstall\cyberlink powerdvd 8\4000001a00002i\olrstatecheck.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.

    After quarantining and deleting the directory and restarting, the directory appears again. Please give me advice and help with cleaning it up.


    Good day..! If possible, please prepare a DDS log to start with: here. We'll figure it out after that... Regards.. :biggrin:


    Here are the results:

    .

    DDS (Ver_11-03-05.01) - NTFSx86

    Run by Romeo Ninov at 9:40:00,92 on 26.03.2011 г.

    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23

    Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.1240 [GMT 1:00]

    .

    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\ibmpmsvc.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\IPSSVC.EXE

    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

    svchost.exe

    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\Program Files\MozyHome\mozybackup.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

    C:\WINDOWS\system32\TpShocks.exe

    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

    C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Lenovo\Zoom\TpScrex.exe

    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\Siemens\Card API\bin\siecacst.exe

    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

    C:\WINDOWS\system32\TpKmpSVC.exe

    C:\Program Files\MozyHome\mozystat.exe

    C:\Program Files\VMware\VMware Server\vmware-authd.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

    C:\WINDOWS\system32\vmnat.exe

    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

    C:\WINDOWS\system32\vmnetdhcp.exe

    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

    C:\Program Files\VMware\VMware Server\vmserverdWin32.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Documents and Settings\Romeo Ninov\Desktop\dds.scr

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = about:blank

    uInternet Settings,ProxyServer = 10.55.0.36:8080

    BHO: AutorunsDisabled - No File

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

    mRun: rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

    mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

    mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

    mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

    mRun: [TpShocks] TpShocks.exe

    mRun: [TP4EX] tp4ex.exe

    mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe

    mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE

    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

    mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"

    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

    mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

    mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe

    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

    mRun: [<NO NAME>]

    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

    mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

    mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

    mRun: [CheckPoint Cleanup] c:\docume~1\romeon~1\locals~1\temp\cpes_clean_launcher.exe c:\docume~1\romeon~1\locals~1\temp\cpes_clean.exe

    mRun: [Flashget] c:\program files\flashget\flashget.exe /min

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE

    StartupFolder: c:\docume~1\romeon~1\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hipath~1.lnk - c:\program files\siemens\card api\bin\siecacst.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe

    IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm

    IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    Trusted Zone: e-fibank.bg

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

    DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://e-fibank.bg/EBank/CAPICOM/capicom.cab

    DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab

    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

    TCP: {08D4027E-BC55-411F-952C-4342C857AA0D} = 192.168.1.1

    Notify: AtiExtEvent - Ati2evxx.dll

    Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll

    Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll

    Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    LSA: Authentication Packages = msv1_0 relog_ap

    LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll

    IFEO: taskmgr.exe - "c:\tools\PROCEXP.EXE"

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\docume~1\romeon~1\applic~1\mozilla\firefox\profiles\c0o9tb00.default\

    FF - prefs.js: network.proxy.ftp - tehif.eu

    FF - prefs.js: network.proxy.ftp_port - 3128

    FF - prefs.js: network.proxy.gopher - tehif.eu

    FF - prefs.js: network.proxy.gopher_port - 3128

    FF - prefs.js: network.proxy.http - tehif.eu

    FF - prefs.js: network.proxy.http_port - 3128

    FF - prefs.js: network.proxy.socks - tehif.eu

    FF - prefs.js: network.proxy.socks_port - 3128

    FF - prefs.js: network.proxy.ssl - tehif.eu

    FF - prefs.js: network.proxy.ssl_port - 3128

    FF - prefs.js: network.proxy.type - 0

    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]

    R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2008-11-23 15784]

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]

    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-2-13 394952]

    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]

    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-9-13 53248]

    R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]

    R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]

    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-1-28 62320]

    R2 vmserverdWin32;VMware Registration Service;c:\program files\vmware\vmware server\vmserverdWin32.exe [2009-10-20 1654884]

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

    S1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]

    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-1-28 45424]

    S3 block_reader;MPR DRV;\??\f:\software\hack\multi_password_recovery_1.1.5_portable\block_reader.sys --> f:\software\hack\multi_password_recovery_1.1.5_portable\block_reader.sys [?]

    S3 cpuz130;cpuz130;\??\c:\docume~1\romeon~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\romeon~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]

    S3 cxbu0wdm;CardMan 6121;c:\windows\system32\drivers\cxbu0wdm.sys [2007-2-28 91008]

    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]

    S3 PCDSRVC{9503439C-19F1437D-06000000}_0;PCDSRVC{9503439C-19F1437D-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pcdr5\pcdsrvc.pkms [2009-2-19 20848]

    S3 RETA5;RETA5 NDIS Protocol Driver;\??\c:\progra~1\eeyedi~1\cascan~1\reta5.sys --> c:\progra~1\eeyedi~1\cascan~1\RETA5.SYS [?]

    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]

    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-11-19 109328]

    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]

    .

    =============== File Associations ===============

    .

    .txt=txt_auto_file

    .

    =============== Created Last 30 ================

    .

    2011-03-26 08:24:46 -------- d-----w- C:\Virtual Machines

    2011-03-22 20:35:34 -------- d-----w- c:\documents and settings\romeo ninov\.hAWabAzAr

    2011-03-22 20:35:34 -------- d-----w- c:\docume~1\romeon~1\applic~1\com.hyfn.taylorswift

    2011-03-22 19:44:39 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

    2011-03-22 19:44:39 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

    2011-03-22 19:44:39 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

    2011-03-22 19:44:39 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

    2011-03-22 19:44:39 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll

    2011-03-22 19:44:38 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

    2011-03-22 19:44:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2011-03-22 19:44:37 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

    .

    ==================== Find3M ====================

    .

    2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll

    2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll

    2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\mstscax.dll

    2011-01-27 11:57:06 677888 ------w- c:\windows\system32\mstsc.exe

    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

    2010-12-31 13:10:33 1854976 ------w- c:\windows\system32\win32k.sys

    2009-01-08 20:58:28 774144 ------w- c:\program files\RngInterstitial.dll

    .

    ============= FINISH: 9:40:46,20 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_11-03-05.01)

    .

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 09.10.2007 г. 03:16:04

    System Uptime: 26.3.2011 г. 09:22:13 (0 hours ago)

    .

    Motherboard: LENOVO | | 0674KSG

    Processor: Intel® Core2 CPU T7200 @ 2.00GHz | None | 1316/167mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 88 GiB total, 65,976 GiB free.

    D: is CDROM ()

    E: is CDROM (UDF)

    F: is FIXED (NTFS) - 578 GiB total, 229,207 GiB free.

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

    Description: Intel® PRO/Wireless 3945ABG Network Connection

    Device ID: PCI\VEN_8086&DEV_4227&SUBSYS_10118086&REV_02\4&20975680&0&00E1

    Manufacturer: Intel Corporation

    Name: Intel® PRO/Wireless 3945ABG Network Connection

    PNP Device ID: PCI\VEN_8086&DEV_4227&SUBSYS_10118086&REV_02\4&20975680&0&00E1

    Service: NETw5x32

    .

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

    Description: 1394 Net Adapter

    Device ID: V1394\NIC1394\2028101361B00

    Manufacturer: Microsoft

    Name: 1394 Net Adapter

    PNP Device ID: V1394\NIC1394\2028101361B00

    Service: NIC1394

    .

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

    Description: ThinkPad UltraNav Pointing Device

    Device ID: ACPI\IBM0057\4&38462492&0

    Manufacturer: Lenovo

    Name: ThinkPad UltraNav Pointing Device

    PNP Device ID: ACPI\IBM0057\4&38462492&0

    Service: i8042prt

    .

    Class GUID: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}

    Description: IBM ThinkPad Fast Infrared Port

    Device ID: ACPI\IBM0071\4&38462492&0

    Manufacturer: IBM

    Name: IBM ThinkPad Fast Infrared Port

    PNP Device ID: ACPI\IBM0071\4&38462492&0

    Service: NSCIRDA

    .

    ==== System Restore Points ===================

    .

    RP298: 05.3.2011 г. 14:15:50 - System Checkpoint

    RP299: 09.3.2011 г. 07:01:55 - Software Distribution Service 3.0

    RP300: 13.3.2011 г. 06:54:35 - System Checkpoint

    RP301: 15.3.2011 г. 21:18:49 - Software Distribution Service 3.0

    RP302: 18.3.2011 г. 07:04:54 - System Checkpoint

    RP303: 19.3.2011 г. 13:45:48 - System Checkpoint

    RP304: 20.3.2011 г. 14:02:35 - System Checkpoint

    RP305: 24.3.2011 г. 06:18:24 - Software Distribution Service 3.0

    RP306: 26.3.2011 г. 07:45:06 - System Checkpoint

    .

    ==== Installed Programs ======================

    .

    2007 Microsoft Office system

    ACDSee Photo Manager 2009

    Acronis True Image WD Edition

    Adobe AIR

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader X (10.0.1)

    Adobe Shockwave Player 11.5

    Ashampoo Burning Studio 9.21

    ATI - Software Uninstall Utility

    ATI Catalyst Control Center

    ATI Display Driver

    ATI HYDRAVISION

    Audacity 1.3.8 (Unicode)

    Azureus

    BulgarianPhonetic XP by G. Atanasov

    Canon Camera Access Library

    Canon Utilities EOS Utility

    Catalyst Control Center - Branding

    Catalyst Control Center Core Implementation

    Catalyst Control Center Graphics Full Existing

    Catalyst Control Center Graphics Full New

    Catalyst Control Center Graphics Light

    Catalyst Control Center Localization All

    ccc-Branding

    ccc-core-preinstall

    ccc-core-static

    ccc-utility

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Dutch

    CCC Help English

    CCC Help French

    CCC Help German

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Portuguese

    CCC Help Spanish

    CCC Help Swedish

    Critical Update for Windows Media Player 11 (KB959772)

    Diskeeper Lite

    ESET NOD32 Antivirus

    FlashGet 1.9.6.1073

    Futuremark SystemInfo

    High Definition Audio Driver Package - KB888111

    HiPath SIcurity Card API

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows Internet Explorer 7 (KB947864)

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows Media Player 11 (KB939683)

    Hotfix for Windows XP (KB2158563)

    Hotfix for Windows XP (KB2443685)

    Hotfix for Windows XP (KB949764)

    Hotfix for Windows XP (KB952287)

    Hotfix for Windows XP (KB954550-v5)

    Hotfix for Windows XP (KB961118)

    Hotfix for Windows XP (KB970653-v3)

    Hotfix for Windows XP (KB970685)

    Hotfix for Windows XP (KB976098-v2)

    InfoNotary e-Doc Signer

    InfoNotary Smart Card Manager

    Intel PROSet Wireless

    Intel® PROSet/Wireless WiFi Software

    Java Auto Updater

    Java 6 Update 23

    K-Lite Codec Pack 5.6.1 (Full)

    Lexmark Software Uninstall

    Maintenance Manager

    Malwarebytes' Anti-Malware

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Security Update (KB2416447)

    Microsoft .NET Framework 1.1 Security Update (KB979906)

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft ActiveSync

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Internationalized Domain Names Mitigation APIs

    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

    Microsoft National Language Support Downlevel APIs

    Microsoft Office 2003 Web Components

    Microsoft Office 2007 Primary Interop Assemblies

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office Groove MUI (English) 2007

    Microsoft Office Groove Setup Metadata MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office Professional Hybrid 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Small Business Connectivity Components

    Microsoft Office Visio MUI (English) 2007

    Microsoft Office Visio Professional 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

    Microsoft Silverlight

    Microsoft Software Update for Web Folders (English) 12

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual J# 2.0 Redistributable Package - SE

    Miranda IM 0.9.17

    Mozilla Firefox 4.0 (x86 en-US)

    MozyHome

    mProSafe

    MSXML 4.0 SP2 (KB927978)

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML 6 Service Pack 2 (KB954459)

    mWlsSafe

    neroxml

    On Screen Display

    OpenAL

    PDFCreator

    Picasa 3

    Productivity Center Supplement for ThinkPad

    PuTTY version 0.60

    Rescue and Recovery

    Rescue and Recovery Critical Patch for Windows Update (KB917422)

    SA Dictionary 2005 T2

    Security Update for 2007 Microsoft Office System (KB951550)

    Security Update for 2007 Microsoft Office System (KB951944)

    Security Update for 2007 Microsoft Office System (KB960003)

    Security Update for CAPICOM (KB931906)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

    Security Update for Microsoft Office Excel 2007 (KB959997)

    Security Update for Microsoft Office OneNote 2007 (KB950130)

    Security Update for Microsoft Office PowerPoint 2007 (KB951338)

    Security Update for Microsoft Office Publisher 2007 (KB950114)

    Security Update for Microsoft Office system 2007 (KB954326)

    Security Update for Microsoft Office system 2007 (KB956828)

    Security Update for Microsoft Office Visio 2007 (KB957831)

    Security Update for Microsoft Office Word 2007 (KB956358)

    Security Update for Step By Step Interactive Training (KB898458)

    Security Update for Step By Step Interactive Training (KB923723)

    Security Update for Visio 2007 (KB947590)

    Security Update for Windows Internet Explorer 7 (KB2183461)

    Security Update for Windows Internet Explorer 7 (KB2360131)

    Security Update for Windows Internet Explorer 7 (KB2416400)

    Security Update for Windows Internet Explorer 7 (KB2482017)

    Security Update for Windows Internet Explorer 7 (KB929969)

    Security Update for Windows Internet Explorer 7 (KB937143)

    Security Update for Windows Internet Explorer 7 (KB938127)

    Security Update for Windows Internet Explorer 7 (KB939653)

    Security Update for Windows Internet Explorer 7 (KB942615)

    Security Update for Windows Internet Explorer 7 (KB944533)

    Security Update for Windows Internet Explorer 7 (KB950759)

    Security Update for Windows Internet Explorer 7 (KB956390)

    Security Update for Windows Internet Explorer 7 (KB958215)

    Security Update for Windows Internet Explorer 7 (KB960714)

    Security Update for Windows Internet Explorer 7 (KB961260)

    Security Update for Windows Internet Explorer 7 (KB963027)

    Security Update for Windows Internet Explorer 7 (KB969897)

    Security Update for Windows Internet Explorer 7 (KB972260)

    Security Update for Windows Internet Explorer 7 (KB974455)

    Security Update for Windows Internet Explorer 7 (KB976325)

    Security Update for Windows Internet Explorer 7 (KB978207)

    Security Update for Windows Internet Explorer 7 (KB982381)

    Security Update for Windows Media Player (KB2378111)

    Security Update for Windows Media Player (KB911564)

    Security Update for Windows Media Player (KB952069)

    Security Update for Windows Media Player (KB954155)

    Security Update for Windows Media Player (KB968816)

    Security Update for Windows Media Player (KB973540)

    Security Update for Windows Media Player (KB975558)

    Security Update for Windows Media Player (KB978695)

    Security Update for Windows Media Player 10 (KB917734)

    Security Update for Windows Media Player 10 (KB936782)

    Security Update for Windows Media Player 11 (KB936782)

    Security Update for Windows Media Player 11 (KB954154)

    Security Update for Windows Media Player 6.4 (KB925398)

    Security Update for Windows XP (KB2079403)

    Security Update for Windows XP (KB2115168)

    Security Update for Windows XP (KB2121546)

    Security Update for Windows XP (KB2160329)

    Security Update for Windows XP (KB2229593)

    Security Update for Windows XP (KB2259922)

    Security Update for Windows XP (KB2279986)

    Security Update for Windows XP (KB2286198)

    Security Update for Windows XP (KB2296011)

    Security Update for Windows XP (KB2296199)

    Security Update for Windows XP (KB2347290)

    Security Update for Windows XP (KB2360937)

    Security Update for Windows XP (KB2387149)

    Security Update for Windows XP (KB2393802)

    Security Update for Windows XP (KB2419632)

    Security Update for Windows XP (KB2423089)

    Security Update for Windows XP (KB2436673)

    Security Update for Windows XP (KB2440591)

    Security Update for Windows XP (KB2443105)

    Security Update for Windows XP (KB2476687)

    Security Update for Windows XP (KB2478960)

    Security Update for Windows XP (KB2478971)

    Security Update for Windows XP (KB2479628)

    Security Update for Windows XP (KB2479943)

    Security Update for Windows XP (KB2481109)

    Security Update for Windows XP (KB2483185)

    Security Update for Windows XP (KB2485376)

    Security Update for Windows XP (KB2524375)

    Security Update for Windows XP (KB923561)

    Security Update for Windows XP (KB923689)

    Security Update for Windows XP (KB938464-v2)

    Security Update for Windows XP (KB941569)

    Security Update for Windows XP (KB946648)

    Security Update for Windows XP (KB950760)

    Security Update for Windows XP (KB950762)

    Security Update for Windows XP (KB950974)

    Security Update for Windows XP (KB951376-v2)

    Security Update for Windows XP (KB951376)

    Security Update for Windows XP (KB951698)

    Security Update for Windows XP (KB951748)

    Security Update for Windows XP (KB952004)

    Security Update for Windows XP (KB952954)

    Security Update for Windows XP (KB954459)

    Security Update for Windows XP (KB954600)

    Security Update for Windows XP (KB955069)

    Security Update for Windows XP (KB956391)

    Security Update for Windows XP (KB956572)

    Security Update for Windows XP (KB956744)

    Security Update for Windows XP (KB956802)

    Security Update for Windows XP (KB956803)

    Security Update for Windows XP (KB956844)

    Security Update for Windows XP (KB957097)

    Security Update for Windows XP (KB958644)

    Security Update for Windows XP (KB958687)

    Security Update for Windows XP (KB958690)

    Security Update for Windows XP (KB958869)

    Security Update for Windows XP (KB959426)

    Security Update for Windows XP (KB960225)

    Security Update for Windows XP (KB960715)

    Security Update for Windows XP (KB960803)

    Security Update for Windows XP (KB960859)

    Security Update for Windows XP (KB961371)

    Security Update for Windows XP (KB961373)

    Security Update for Windows XP (KB961501)

    Security Update for Windows XP (KB968537)

    Security Update for Windows XP (KB969059)

    Security Update for Windows XP (KB969898)

    Security Update for Windows XP (KB969947)

    Security Update for Windows XP (KB970238)

    Security Update for Windows XP (KB970430)

    Security Update for Windows XP (KB971468)

    Security Update for Windows XP (KB971486)

    Security Update for Windows XP (KB971557)

    Security Update for Windows XP (KB971633)

    Security Update for Windows XP (KB971657)

    Security Update for Windows XP (KB971961)

    Security Update for Windows XP (KB972270)

    Security Update for Windows XP (KB973346)

    Security Update for Windows XP (KB973354)

    Security Update for Windows XP (KB973507)

    Security Update for Windows XP (KB973525)

    Security Update for Windows XP (KB973869)

    Security Update for Windows XP (KB973904)

    Security Update for Windows XP (KB974112)

    Security Update for Windows XP (KB974318)

    Security Update for Windows XP (KB974392)

    Security Update for Windows XP (KB974571)

    Security Update for Windows XP (KB975025)

    Security Update for Windows XP (KB975467)

    Security Update for Windows XP (KB975560)

    Security Update for Windows XP (KB975561)

    Security Update for Windows XP (KB975562)

    Security Update for Windows XP (KB975713)

    Security Update for Windows XP (KB977165)

    Security Update for Windows XP (KB977816)

    Security Update for Windows XP (KB977914)

    Security Update for Windows XP (KB978037)

    Security Update for Windows XP (KB978251)

    Security Update for Windows XP (KB978262)

    Security Update for Windows XP (KB978338)

    Security Update for Windows XP (KB978542)

    Security Update for Windows XP (KB978601)

    Security Update for Windows XP (KB978706)

    Security Update for Windows XP (KB979309)

    Security Update for Windows XP (KB979482)

    Security Update for Windows XP (KB979559)

    Security Update for Windows XP (KB979683)

    Security Update for Windows XP (KB979687)

    Security Update for Windows XP (KB980195)

    Security Update for Windows XP (KB980218)

    Security Update for Windows XP (KB980232)

    Security Update for Windows XP (KB980436)

    Security Update for Windows XP (KB981322)

    Security Update for Windows XP (KB981349)

    Security Update for Windows XP (KB981852)

    Security Update for Windows XP (KB981957)

    Security Update for Windows XP (KB981997)

    Security Update for Windows XP (KB982132)

    Security Update for Windows XP (KB982214)

    Security Update for Windows XP (KB982665)

    Security Update for Windows XP (KB982802)

    Skins

    Skype™ 3.8

    SoundMAX

    Spelling Dictionaries Support For Adobe Reader 9

    Subtitle Workshop 2.51

    Synaptics Pointing Device Driver

    System Migration Assistant

    System Update

    Texas Instruments PCIxx21/x515/xx12 drivers.

    ThinkPad Bluetooth with Enhanced Data Rate Software

    ThinkPad Configuration

    ThinkPad EasyEject Utility

    ThinkPad FullScreen Magnifier

    ThinkPad Hotkey Features Setup

    ThinkPad Keyboard Customizer Utility

    ThinkPad Modem

    ThinkPad PC Card Power Policy

    ThinkPad Power Management Driver

    ThinkPad Power Manager

    ThinkPad Presentation Director

    ThinkPad UltraNav Utility

    ThinkPad UltraNav Wizard

    ThinkVantage Active Protection System

    ThinkVantage Fingerprint Software

    ThinkVantage Productivity Center

    ThinkVantage Technologies Welcome Message

    TIPCI

    Total Commander (Remove or Repair)

    TrackPoint Accessibility Features

    TrueCrypt

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft Office Outlook 2007 (KB952142)

    Update for Office 2007 (KB932080)

    Update for Office 2007 (KB934391)

    Update for Office System 2007 Setup (KB929722)

    Update for Outlook 2007 Junk Email Filter (KB2508979)

    Update for Windows Internet Explorer 7 (KB976749)

    Update for Windows Internet Explorer 7 (KB980182)

    Update for Windows XP (KB2141007)

    Update for Windows XP (KB2345886)

    Update for Windows XP (KB2467659)

    Update for Windows XP (KB951978)

    Update for Windows XP (KB955759)

    Update for Windows XP (KB955839)

    Update for Windows XP (KB967715)

    Update for Windows XP (KB968389)

    Update for Windows XP (KB971029)

    Update for Windows XP (KB971737)

    Update for Windows XP (KB973687)

    Update for Windows XP (KB973815)

    VCRedistSetup

    Visual C++ 8.0 ATL (x86) WinSXS MSM

    Visual C++ 8.0 CRT (x86) WinSXS MSM

    VLC media player 1.1.8

    VMware OVF Tool

    VMware Server

    Wallpapers

    WebFldrs XP

    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

    Windows Genuine Advantage Notifications (KB905474)

    Windows Genuine Advantage Validation Tool (KB892130)

    Windows Internet Explorer 7

    Windows Media Connect

    Windows Media Format 11 runtime

    Windows Media Player 10 Hotfix - KB894476

    Windows Media Player 11

    Windows XP Service Pack 3

    WinRAR archiver

    XP Themes

    .

    ==== Event Viewer Messages From Past Week ========

    .

    26.3.2011 г. 09:24:48, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KLIF

    26.3.2011 г. 09:23:34, error: Service Control Manager [7023] - The Logical Disk Manager service terminated with the following error: The specified module could not be found.

    26.3.2011 г. 09:23:34, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    26.3.2011 г. 09:23:19, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

    26.3.2011 г. 09:21:19, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: The device has been removed.

    26.3.2011 г. 09:16:11, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: Access is denied.

    26.3.2011 г. 09:11:53, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: The device has been removed.

    25.3.2011 г. 20:01:01, error: VolSnap [25] - The shadow copy of volume F: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future.

    25.3.2011 г. 20:00:53, error: VolSnap [12] - The shadow copy of volume F: became low on diff area space before it was properly installed.

    24.3.2011 г. 20:30:00, error: VolSnap [20] - The shadow copy of volume F: was aborted because of a failed free space computation.

    24.3.2011 г. 20:01:13, error: VolSnap [20] - The shadow copy of volume F: was aborted because of a failed free space computation.

    23.3.2011 г. 20:00:37, error: VolSnap [20] - The shadow copy of volume F: was aborted because of a failed free space computation.

    22.3.2011 г. 20:00:30, error: VolSnap [20] - The shadow copy of volume F: was aborted because of a failed free space computation.

    21.3.2011 г. 18:42:33, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: Access is denied.

    21.3.2011 г. 18:40:49, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: The device has been removed.

    21.3.2011 г. 07:17:22, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: The device has been removed.

    21.3.2011 г. 07:17:18, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: Access is denied.

    21.3.2011 г. 07:12:35, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: The device has been removed.

    20.3.2011 г. 19:28:01, error: VolSnap [20] - The shadow copy of volume F: was aborted because of a failed free space computation.

    19.3.2011 г. 20:00:48, error: VolSnap [20] - The shadow copy of volume F: was aborted because of a failed free space computation.

    .

    ==== End Of File ===========================


    This IP: 10.55.0.36 - is it familiar to you..?

    Download ComboFix from here or here and save it to your desktop.

    • Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.

    Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

    • Run Combo-Fix.com and follow the instructions.

    Note: ComboFix will run without the Recovery Console installed.

    • As part of its operation, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will let you boot into a special recovery/repair mode, which will make it easier to resolve a problem that might arise while removing the malware.

    • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You need to confirm that you agree in order to install the Microsoft Windows Recovery Console.

    ** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

    Posted image

    Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

    Posted image

    Select Yes to continue scanning for malware.

    When the process finishes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next reply in this thread.

    Note:

    • Please do not move the mouse while ComboFix is running. This may disrupt the process.
    • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
    • ComboFix will disable the autorun function of ALL CD, floppy and USB devices, to help remove the malware and protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
    • ComboFix will disconnect your internet connection. The internet connection will be restored automatically before ComboFix finishes its run. If there is a problem, it will terminate the internet connection. To restore your internet connection, restart your computer.
    • If ComboFix runs into a problem, it may create a log file. Please include the contents of C:\BUG.txt in your next reply in this thread.

    ComboFix may take up to 20-30 minutes to finish; please be patient.

    Please do not attach the program's log file(s); copy and paste it/them into your next reply in this thread.


    While the program was running, a blue screen appeared and the computer restarted; I think this happened somewhere after stage_20. And unfortunately there is no such file in c:\. P.S. Yes, the IP address is familiar to me; it is the proxy server at work.

    Edited by capnemo


    Greetings again..! :speak: Try running the ComboFix scan (following the instructions in post 4) in Safe Mode without turning off your internet access..! My request is that if a BSOD (blue screen) does come up, you try to write down the error and tell it to me.... I would be grateful..! Regards..! :)


    ComboFix warns me that the NOD32 scanner is active (safe mode) and I cannot find a way to stop it


    Try this:

    Double-click the NOD32 icon in the system tray in the lower right corner.

    Select Disable real-time file system protection

    It will ask you: "Are you sure you want to disable...protection?"

    Press "Yes" to disable the antivirus protection


    I have no icons in the tray at all, only the clock. And these are the processes according to Process Explorer


    Yes, I understand.. then when it notifies you that the protection is enabled, confirm and continue....! For now it is more likely that the problem is due to a conflict between your software and ComboFix..! :rolleyes:


    Here is the log; all stages completed normally. The log was made in safe mode and the only thing I pressed was OK on the warning about entering safe mode

    ComboFix 11-03-25.04 - Romeo Ninov 03.2011 г. 17:22:02.5.2 - x86 NETWORK

    Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.1743 [GMT 1:00]

    Running from: c:\documents and settings\Romeo Ninov\Desktop\ComboFix.exe

    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\ntuser.pol

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_BLOCK_READER

    -------\Service_block_reader

    -------\Service_Ias

    .

    .

    ((((((((((((((((((((((((( Files Created from 2011-02-26 to 2011-03-26 )))))))))))))))))))))))))))))))

    .

    .

    2011-03-26 08:24 . 2011-03-26 08:24 -------- d-----w- C:\Virtual Machines

    2011-03-22 20:35 . 2011-03-22 20:35 -------- d-----w- c:\documents and settings\Romeo Ninov\Application Data\com.hyfn.taylorswift

    2011-03-22 20:35 . 2011-03-22 20:35 -------- d-----w- c:\documents and settings\Romeo Ninov\.hAWabAzAr

    2011-03-22 20:35 . 2011-03-22 20:35 -------- d-----w- c:\program files\Common Files\Adobe AIR

    2011-03-22 19:44 . 2011-03-22 19:44 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

    2011-03-22 19:44 . 2011-03-22 19:44 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

    2011-03-22 19:44 . 2011-03-22 19:44 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

    2011-03-22 19:44 . 2011-03-22 19:44 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

    2011-03-22 19:44 . 2011-03-22 19:44 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

    2011-03-22 19:44 . 2011-03-22 19:44 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

    2011-03-22 19:44 . 2011-03-22 19:44 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

    2011-03-22 19:44 . 2011-03-22 19:44 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-02-09 13:53 . 2006-04-30 06:55 270848 ------w- c:\windows\system32\sbe.dll

    2011-02-09 13:53 . 2006-04-30 06:55 186880 ------w- c:\windows\system32\encdec.dll

    2011-02-02 07:58 . 2006-04-30 07:09 2067456 ------w- c:\windows\system32\mstscax.dll

    2011-01-27 11:57 . 2006-04-30 07:09 677888 ------w- c:\windows\system32\mstsc.exe

    2011-01-21 14:44 . 2006-04-30 06:56 439296 ----a-w- c:\windows\system32\shimgvw.dll

    2011-01-07 14:09 . 2006-04-30 06:55 290048 ----a-w- c:\windows\system32\atmfd.dll

    2010-12-31 13:10 . 2006-04-30 06:55 1854976 ------w- c:\windows\system32\win32k.sys

    2009-01-08 20:58 . 2009-01-08 20:58 774144 ------w- c:\program files\RngInterstitial.dll

    2011-03-22 19:44 . 2011-03-22 19:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ------- Sigcheck -------

    .

    [-] 2009-07-14 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

    [-] 2009-05-07 . 69564DE8D733BA39226A43FF11095B10 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\cache\tcpip.sys

    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

    [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys

    [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

    [-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

    2011-02-08 12:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

    2011-02-08 12:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-10-22 421888]

    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-10-22 208896]

    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2010-04-22 128296]

    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]

    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

    "TpShocks"="TpShocks.exe" [2009-07-08 337184]

    "TP4EX"="tp4ex.exe" [2005-10-17 65536]

    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-09-01 165208]

    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-20 487424]

    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]

    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]

    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

    "LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-09-01 124248]

    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-10 1326080]

    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-10 904840]

    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-10 136472]

    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

    "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]

    "Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    c:\documents and settings\Romeo Ninov\Start Menu\Programs\Startup\

    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2008-12-18 49152]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]

    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-2 50688]

    HiPath SIcurity Card API.lnk - c:\program files\Siemens\Card API\bin\siecacst.exe [2007-10-25 69632]

    MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-2-8 3600184]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]

    2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

    2009-05-21 13:54 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

    2006-09-06 14:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]

    2007-09-25 08:10 2007088 ----a-w- c:\program files\FlashGet\flashget.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    2008-09-23 12:17 21755688 ------r- c:\program files\Skype\Phone\Skype.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "FirewallOverride"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Miranda IM\\miranda32.exe"=

    "c:\\Program Files\\Azureus\\Azureus.exe"=

    "c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=

    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\WINDOWS\\system32\\java.exe"=

    "$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe

    "c:\\Program Files\\FlashGet\\FlashGet.exe"=

    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "21551:TCP"= 21551:TCP:BitComet 21551 TCP

    "21551:UDP"= 21551:UDP:BitComet 21551 UDP

    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    .

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03.11.2007 г. 20:36 685816]

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [29.6.2009 г. 12:51 20520]

    R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [23.11.2008 г. 11:37 15784]

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 г. 16:49 94360]

    S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 г. 16:47 107256]

    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 г. 16:47 731840]

    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [28.1.2010 г. 11:24 45424]

    S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [13.9.2008 г. 08:49 53248]

    S2 smi2;smi2;c:\program files\SMI2\smi2.sys [14.7.2006 г. 23:55 3968]

    S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13.3.2009 г. 12:47 12560]

    S2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [28.1.2010 г. 11:24 62320]

    S2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [20.10.2009 г. 13:51 1654884]

    S3 cpuz130;cpuz130;\??\c:\docume~1\ROMEON~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ROMEON~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

    S3 cxbu0wdm;CardMan 6121;c:\windows\system32\drivers\cxbu0wdm.sys [28.2.2007 г. 05:38 91008]

    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]

    S3 PCDSRVC{9503439C-19F1437D-06000000}_0;PCDSRVC{9503439C-19F1437D-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\PCDR5\pcdsrvc.pkms [19.2.2009 г. 22:50 20848]

    S3 RETA5;RETA5 NDIS Protocol Driver;\??\c:\progra~1\EEYEDI~1\CASCAN~1\RETA5.SYS --> c:\progra~1\EEYEDI~1\CASCAN~1\RETA5.SYS [?]

    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [01.10.2006 г. 13:37 26624]

    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [19.11.2009 г. 20:23 109328]

    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]

    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06.5.2008 г. 15:06 11520]

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-03-26 c:\windows\Tasks\InfoNotary Smart Card Manager Updates.job

    - c:\program files\InfoNotary\SCManager2\updater.exe [2010-11-12 15:58]

    .

    2010-03-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

    - c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]

    .

    2011-03-26 c:\windows\Tasks\PMTask.job

    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-09-15 23:04]

    .

    2011-01-04 c:\windows\Tasks\Update InfoNotary e-Doc Signer.job

    - c:\program files\InfoNotary\INSigner\INSignerUpdater.exe [2010-07-26 12:24]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    uInternet Settings,ProxyServer = 10.55.0.36:8080

    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

    Trusted Zone: e-fibank.bg

    TCP: {08D4027E-BC55-411F-952C-4342C857AA0D} = 192.168.1.1

    DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab

    FF - ProfilePath - c:\documents and settings\Romeo Ninov\Application Data\Mozilla\Firefox\Profiles\c0o9tb00.default\

    FF - prefs.js: network.proxy.ftp - tehif.eu

    FF - prefs.js: network.proxy.ftp_port - 3128

    FF - prefs.js: network.proxy.gopher - tehif.eu

    FF - prefs.js: network.proxy.gopher_port - 3128

    FF - prefs.js: network.proxy.http - tehif.eu

    FF - prefs.js: network.proxy.http_port - 3128

    FF - prefs.js: network.proxy.socks - tehif.eu

    FF - prefs.js: network.proxy.socks_port - 3128

    FF - prefs.js: network.proxy.ssl - tehif.eu

    FF - prefs.js: network.proxy.ssl_port - 3128

    FF - prefs.js: network.proxy.type - 0

    .

    .

    ------- File Associations -------

    .

    .txt=txt_auto_file

    .

    - - - - ORPHANS REMOVED - - - -

    .

    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    SafeBoot-mcmscsvc

    SafeBoot-MCODS

    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

    MSConfigStartUp-PDVD8LanguageShortcut - c:\program files\CyberLink\PowerDVD8\Language\Language.exe

    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

    MSConfigStartUp-RemoteControl8 - c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

    MSConfigStartUp-UpdatePDRShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

    MSConfigStartUp-UpdatePPShortCut - c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-03-26 17:27

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{9503439C-19F1437D-06000000}_0]

    "ImagePath"="\??\c:\program files\pcdr5\pcdsrvc.pkms"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-39014616-1862209109-968308959-1008\Software\Microsoft\SystemCertificates\AddressBook*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1040)

    c:\windows\system32\vrlogon.dll

    c:\windows\system32\Ati2evxx.dll

    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

    c:\program files\ThinkVantage Fingerprint Software\infql2.dll

    c:\program files\ThinkVantage Fingerprint Software\homepass.dll

    c:\program files\ThinkVantage Fingerprint Software\bio.dll

    c:\program files\ThinkVantage Fingerprint Software\qlbase.dll

    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

    c:\program files\Lenovo\AwayTask\AwayNotify.dll

    .

    - - - - - - - > 'lsass.exe'(1108)

    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

    c:\program files\ThinkVantage Fingerprint Software\infql2.dll

    .

    - - - - - - - > 'explorer.exe'(1392)

    c:\windows\system32\WININET.dll

    c:\program files\MozyHome\mozyshell.dll

    c:\program files\MozyHome\LIBEAY32.dll

    c:\windows\system32\ieframe.dll

    .

    Completion time: 2011-03-26 17:31:55 - machine was rebooted

    ComboFix-quarantined-files.txt 2011-03-26 16:31

    .

    Pre-Run: 73 648 947 200 bytes free

    Post-Run: 73 651 339 264 bytes free

    .

    - - End Of File - - 2C736C1D4557919212489D077A29B402


    Do you notice any problems with your system...? :dancing18:

    No, it even feels a bit snappier, but maybe that's subjective :P Thank you


    Wonderful..! :dancing18: Uninstall ComboFix like this:

    1. Click Start ==> Run ==> enter the command Combofix /Uninstall ==> OK

    2. Download OTCleanIt or from here, run it and click Clean up

    After that, one follow-up check scan with MBAM:

    * Download Malwarebytes' Anti-Malware Free from here

    * Double-click mbam-setup.exe to install the program.

    * Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.

    * If updates are found, it will download and install them.

    * Start the program and select "Perform Full Scan", then click Scan.

    * The scan will take some time, so please be patient.

    * When the scan finishes, click OK, then Show Results to see the result.

    * Make sure all rows are checked, and click Remove Selected.

    * When everything has been removed, a log will open in Notepad. Copy this log and post it in your next comment in the thread.

    Note: If MalwareBytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.


    I cleaned up with the first two tools. I have the free version of Malwarebytes' Anti-Malware installed (downloaded from the official site), and it is updated regularly. Do I need to uninstall it and install it again?


    No, of course not...! There's no point...! :)

    Here is the log:

    Malwarebytes' Anti-Malware 1.50.1.1100

    www.malwarebytes.org

    Database version: 6176

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 7.0.5730.11

    26.3.2011 г. 20:46:58

    mbam-log-2011-03-26 (20-46-58).txt

    Scan type: Full scan (C:\|F:\|)

    Objects scanned: 283501

    Time elapsed: 1 hour(s), 5 minute(s), 50 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)


    Well, I think that's everything..! I don't see any active infections ....! I wish you a pleasant evening..! :)


    Thank you for the help, and a pleasant evening to you too :ph34r: